GCP User added in IAM cannot see project

I have a project in Google Cloud that I'm trying to add an "editor" to (I will remain the sole project owner). I have added this person using their Gmail address in the IAM permissions, but the project does not show up in their projects list when they log into the GCP console.

I'm using the instructions here: https://cloud.google.com/iam/docs/granting-changing-revoking-access

  1. Open the IAM page in the GCP Console.
  2. Open the IAM page
  3. Click Select a project, choose a project, and click Open.
  4. Click Add.
  5. Enter an email address
  6. Select a role.
  7. Click Save.

Is there something that I'm missing here?


Solution 1:

I have found that, at least at the time of this writing, if the user does not have access to read all projects in an organization, then no projects will show up. If the user has landed in a resource that is accessible to them for a given project, then such a project will show up under the proper organization.

Here is how to replicate:

  1. As an admin create a "newProject990055" under an existing organization, select it and navigate to the IAM menu.
  2. Add a user with just the role "Logs Viewer" for "newProject990055".
  3. Log in with such a user and try to select project "newProject990055". Expected: User won't see "newProject990055" because the user has no access to list all projects, and "newProject990055" is new, and the user has never visited it before.
  4. With such a user, hit https://console.cloud.google.com/logs/query?project=newProject990055. Expected: User will see the logs for the "newProject990055" project and will notice that such a project is selected.
  5. Log off and log back in with such a user, then click on the dropdown for projects. Expected: User should be able to see project "newProject990055" because even though the user has no access to list all projects, and "newProject990055" is new, the user has already visited it before.
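
Because the answer shows the project picker is not a reliable sign that a grant worked, the binding can be checked against the policy itself. The following is an added example, not part of the original answer: it reads a policy export in the shape printed by `gcloud projects get-iam-policy PROJECT_ID --format=json`. The sample policy, the e-mail addresses and the helper names `roles_for` and `direct_url` are constructed for illustration, and the case-insensitive e-mail match is an assumption.

```python
import json
from urllib.parse import quote

# Constructed sample in the shape printed by
# `gcloud projects get-iam-policy PROJECT_ID --format=json` (not real data).
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/owner", "members": ["user:owner@example.com"]},
    {"role": "roles/logging.viewer",
     "members": ["user:New.Editor@gmail.com", "group:ops@example.com"]},
    {"role": "roles/editor",
     "members": ["deleted:user:new.editor@gmail.com?uid=123456789"],
     "condition": {"title": "temp", "expression": "request.time < timestamp('2030-01-01T00:00:00Z')"}}
  ],
  "etag": "BwXXXXXXXXX=",
  "version": 3
}
""")


def roles_for(policy, email):
    """Return (active, stale) role lists for a user e-mail in a project policy."""
    want = "user:" + email.lower()  # assumption: match e-mails case-insensitively
    active, stale = [], []
    for binding in policy.get("bindings", []):
        label = binding["role"]
        if "condition" in binding:  # conditional grants may not apply right now
            label += " [conditional: %s]" % binding["condition"].get("title", "?")
        for member in binding.get("members", []):
            m = member.lower()
            if m == want:
                active.append(label)
            elif m.startswith("deleted:" + want + "?"):
                # Binding left over from a deleted account; grants nothing today.
                stale.append(label)
    return active, stale


def direct_url(project_id, page="logs/query"):
    """Console deep link of the form used in step 4 of the answer."""
    return "https://console.cloud.google.com/%s?project=%s" % (page, quote(project_id, safe=""))


if __name__ == "__main__":
    active, stale = roles_for(SAMPLE_POLICY, "new.editor@gmail.com")
    print("active roles:", active or "none (grant did not land on this principal)")
    print("stale bindings on a deleted principal:", stale or "none")
    print("open directly:", direct_url("newProject990055"))
```

If the active list contains the intended role, the grant is in place and the user can be sent the direct link rather than being given a broader role just to make the project appear in the picker.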